diff --git a/biz/attachment.go b/biz/attachment.go
index f3b9418..e76474c 100644
--- a/biz/attachment.go
+++ b/biz/attachment.go
@@ -186,7 +186,7 @@ func (s *AttachmentAPIService) UploadDocument(ctx *gin.Context) {
 }
 
 // 检查用户是否有权限上传文档
- if !s.dbModel.CanIUploadDocument(userClaims.UserId) {
+ if !s.dbModel.CanIAccessUploadDocument(userClaims.UserId) {
 ctx.JSON(http.StatusForbidden, ginResponse{Code: http.StatusForbidden, Message: "没有权限上传文档", Error: "没有权限上传文档"})
 return
 }
diff --git a/biz/comment.go b/biz/comment.go
index ceaf13d..bc0bb63 100644
--- a/biz/comment.go
+++ b/biz/comment.go
@@ -47,6 +47,10 @@ func (s *CommentAPIService) CreateComment(ctx context.Context, req *pb.CreateCom
 return nil, status.Errorf(codes.InvalidArgument, "验证码错误")
 }
 
+ if yes, _ := s.dbModel.CanIAccessComment(userClaims.UserId); !yes {
+ return nil, status.Errorf(codes.PermissionDenied, "您已经被禁止发表评论")
+ }
+
 comment := &model.Comment{}
 err = util.CopyStruct(req, comment)
 if err != nil {
diff --git a/biz/document.go b/biz/document.go
index 15f4018..35d5016 100644
--- a/biz/document.go
+++ b/biz/document.go
@@ -54,7 +54,7 @@ func (s *DocumentAPIService) CreateDocument(ctx context.Context, req *pb.CreateD
 return nil, err
 }
 
- if !s.dbModel.CanIUploadDocument(userCliams.UserId) {
+ if !s.dbModel.CanIAccessUploadDocument(userCliams.UserId) {
 return nil, status.Error(codes.PermissionDenied, "没有权限上传文档")
 }
 
@@ -673,6 +673,10 @@ func (s *DocumentAPIService) DownloadDocument(ctx context.Context, req *pb.Docum
 userId = userClaims.UserId
 }
 
+ if yes, _ := s.dbModel.CanIAccessDownload(userId); !yes {
+ return res, status.Errorf(codes.PermissionDenied, "您的账户已被禁止下载文档")
+ }
+
 ip := ""
 ips, _ := util.GetGRPCRemoteIP(ctx)
 if len(ips) > 0 {
diff --git a/biz/favorite.go b/biz/favorite.go
index eca55e8..cb79108 100644
--- a/biz/favorite.go
+++ b/biz/favorite.go
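Review bot: The added `if yes, _ := s.dbModel.CanIAccessComment(userClaims.UserId); !yes {` throws away the lookup error, and CanIAccessComment (model/user.go in this commit) negates `yes` before it checks `err`, so a failed punishment query yields `yes == true` and the ban is not enforced. Deny when the check cannot be completed: `if yes, err := s.dbModel.CanIAccessComment(userClaims.UserId); err != nil || !yes {`. The same discarded error appears in the DownloadDocument hunk of biz/document.go, in CreateFavorite (biz/favorite.go) and as `inPunishing, _ :=` in CanIAccessUploadDocument (model/user.go). CreateComment begins and ends outside this hunk.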
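Review bot: `userId` is assigned from `userClaims.UserId` only inside the conditional that closes just above the new check, so for a request without valid claims it presumably stays 0, and `isInPunishing` (model/punishment.go in this commit) returns false for every `userId <= 1`. If unauthenticated downloads are permitted elsewhere in this handler, the download ban then applies only while the account is logged in. State that limit next to the check, e.g. `// NOTE: userId is 0 for guests and isInPunishing exempts ids <= 1, so this only restricts logged-in users`, and confirm the guest path is gated separately. The opening of that conditional and the rest of DownloadDocument are outside the hunk.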
@@ -34,6 +34,11 @@ func (s *FavoriteAPIService) CreateFavorite(ctx context.Context, req *pb.Favorit
 return nil, err
 }
 
+ yes, _ := s.dbModel.CanIAccessFavorite(userClaims.UserId)
+ if !yes {
+ return nil, status.Errorf(codes.PermissionDenied, "您已经被禁止收藏文档")
+ }
+
 favorite := &model.Favorite{
 UserId: userClaims.UserId,
 DocumentId: req.DocumentId,
diff --git a/biz/user.go b/biz/user.go
index ddbf643..70aa5ce 100644
--- a/biz/user.go
+++ b/biz/user.go
@@ -541,7 +541,7 @@ func (s *UserAPIService) CanIUploadDocument(ctx context.Context, req *emptypb.Em
 return nil, err
 }
 
- if !s.dbModel.CanIUploadDocument(userClaims.UserId) {
+ if !s.dbModel.CanIAccessUploadDocument(userClaims.UserId) {
 return nil, status.Errorf(codes.PermissionDenied, "您没有上传文档的权限")
 }
 
diff --git a/model/punishment.go b/model/punishment.go
index 21efd84..b8ed725 100644
--- a/model/punishment.go
+++ b/model/punishment.go
@@ -165,3 +165,24 @@ func (m *DBModel) DeletePunishment(ids []int64) (err error) {
 }
 return
 }
+
+func (m *DBModel) isInPunishing(userId int64, types []int) (yes bool, err error) {
+ if userId <= 1 {
+ return false, nil
+ }
+
+ punishment := &Punishment{}
+ err = m.db.Model(punishment).Select("id").
+ Where(
+ "user_id = ? and enable = ? and type in ? and (end_time IS NULL or end_time > ?)",
+ userId, true, types, time.Now(),
+ ).Find(&punishment).Error
+ if err != nil {
+ if err == gorm.ErrRecordNotFound {
+ return false, nil
+ }
+ m.logger.Error("isInPunishing", zap.Error(err))
+ return
+ }
+ return punishment.Id > 0, nil
+}
diff --git a/model/user.go b/model/user.go
index 260d48d..9b12505 100644
--- a/model/user.go
+++ b/model/user.go
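Review bot: `if userId <= 1 { return false, nil }` in isInPunishing exempts user 1 (presumably the initial administrator) and every guest id from all punishment types, including PunishmentTypeDisabled, without saying so; a punishment record stored for user 1 is silently ignored. Document the intent at the guard, e.g. `// ids <= 0 are guests and id 1 is treated as the built-in admin: neither can be punished`, or decide by role rather than by a literal id. Separately, if this project is on GORM v2, `Find` does not report `gorm.ErrRecordNotFound`, so that branch is dead code, and `Find(&punishment)` passes a pointer to a pointer; `).Limit(1).Find(punishment).Error` reads the single row the function needs.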
@@ -411,7 +411,13 @@ func (m *DBModel) SetUserGroupAndPassword(userId int64, groupId []int64, passwor
 }
 
 // CanIUploadDocument 判断用户是否有上传文档的权限
-func (m *DBModel) CanIUploadDocument(userId int64) (yes bool) {
+// 1. 用户是否被禁用或被处罚禁止上传文档
+// 2. 用户所在的用户组是否允许上传文档
+func (m *DBModel) CanIAccessUploadDocument(userId int64) (yes bool) {
+ if inPunishing, _ := m.isInPunishing(userId, []int{PunishmentTypeDisabled, PunishmentTypeUploadLimited}); inPunishing {
+ return false
+ }
+
 var (
 tableGroup = Group{}.TableName()
 tableUserGroup = UserGroup{}.TableName()
@@ -427,6 +433,39 @@ func (m *DBModel) CanIUploadDocument(userId int64) (yes bool) {
 return group.Id > 0
 }
 
+// 用户是否可以下载文档:被禁用的账号或被禁止下载的账户不能下载
+func (m *DBModel) CanIAccessDownload(userId int64) (yes bool, err error) {
+ yes, err = m.isInPunishing(userId, []int{PunishmentTypeDownloadLimited, PunishmentTypeDisabled})
+ yes = !yes
+ if err != nil {
+ m.logger.Error("CanIAccessDownload", zap.Error(err))
+ return
+ }
+ return
+}
+
+// 用户是否可以评论
+func (m *DBModel) CanIAccessComment(userId int64) (yes bool, err error) {
+ yes, err = m.isInPunishing(userId, []int{PunishmentTypeCommentLimited, PunishmentTypeDisabled})
+ yes = !yes
+ if err != nil {
+ m.logger.Error("CanIAccessComment", zap.Error(err))
+ return
+ }
+ return
+}
+
+// 用户是否可以收藏文档
+func (m *DBModel) CanIAccessFavorite(userId int64) (yes bool, err error) {
+ yes, err = m.isInPunishing(userId, []int{PunishmentTypeFavoriteLimited, PunishmentTypeDisabled})
+ yes = !yes
+ if err != nil {
+ m.logger.Error("CanIAccessFavorite", zap.Error(err))
+ return
+ }
+ return
+}
+
 // 用户是否发表评论
 func (m *DBModel) CanIPublishComment(userId int64) (defaultCommentStatus int8, err error) {
 if userId <= 0 {
diff --git a/web/components/FormPunishment.vue b/web/components/FormPunishment.vue
index 8ade6bc..948e04c 100644
--- a/web/components/FormPunishment.vue
+++ b/web/components/FormPunishment.vue
@@ -36,7 +36,18 @@ - + + - 您所在用户组暂无权限上传文档 + 您暂无权限上传文档 您未登录,请先登录
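Review bot: The doc comment kept as context above the renamed function still opens with `CanIUploadDocument`, so it no longer names the symbol it documents. Rename it together with the function, e.g. `// CanIAccessUploadDocument reports whether the user may upload documents:` followed by the two numbered conditions the commit adds. The function body continues past the end of this hunk.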